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EXAMINER'S AMENDMENT 

1 . An examiner's amendment to tlie record appears below. Sliould tine clianges 
and/or additions be unacceptable to applicant, an amendment may be filed as provided 
by 37 CFR 1 .312. To ensure consideration of such an amendment, it MUST be 
submitted no later than the payment of the issue fee. 

2. Authorization for this examiner's amendment was given in a telephone interview 
with Michael T. Abramson on March 1 1 , 2010. 

3. The application has been amended as follows: 
In the claim: 

32. An apparatus to establish identity in a file system, comprising: 

a proxy configured to receive a first Network File System (NFS) operation 

concerning an indicated file sent by a client to the file system, the proxy further 

configured to forward the first NFS operation to be received by a file server; 

the file server configured to return a NFS file handle associated with the first NFS 

operation to the proxy in response to the file server receiving the first NFS operation 

from the proxy; 

the proxy further configured to insert metadata into the NFS file handle in 
response to receiving the NFS file handle from the file server, wherein the metadata is 
an encryption key; and 

the proxy further configured to send the NFS file handle with the metadata 
inserted in the NFS file handle to the client as a reply to the first NFS operation, the 
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metadata and the NFS file handle to be used in a second NFS operation to identify the 
client and the indicated file; 

the proxy further configured to receive, by the client, a second NFS operation, 
the second NFS operation comprising the metadata in the second NFS file handle sent 
with the second NFS operation: 

the proxy to identify, in response to the metadata, the client as having a 
permission to submit the second NFS operation: 

the proxy to send the second NFS operation to the file server and not to send the 
metadata with the second NFS file handle to the file server: and 

the proxy to receive a second NFS reply from the file server, and the proxy to 
send the second NFS reply to the client . 

33. The apparatus of Claim 32, whereby using the metadata in the NFS file handle 
eliminated the need for the proxy to generate additional reguests to the file server to 
complete client reguests opparotuG as i n c l a i m 32. further compr i s i ng : 

the proxy further conf i gured to rccc i vc, by the c li ent, a second NFS operat i on, 
the second NFS operat i on compr i s i ng th e m e tadata i n th e s e cond NFS f ile hand le s e nt 
w i th the second NFS operat i on; 

th e proxy to i d e nt i fy, i n r e spons e to th e m e tadata, th e c lie nt as hav i ng a 
porm i sG i on to subm i t the second NFS operat i on; 

the proxy to send the second NFS op e rat i on to th e f ile s e rv e r and not to s e nd th e 
metadata w i th the second NFS f il e hand l e to the f il e Gorvor; and 
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th e proxy to r e c ei v e a s e cond NFS r e p l y from th e f ile s e rv e r, and th e proxy to 
send the second NFS rep l y to the c li ent . 



38. A non-volatile memory executed on a computer, comprising: 

the non-volatile memory containing procedures for execution on the computer for 
a method of establishing identity in a file system, the method having the steps of 

receiving, from a client, a first N e twork F ile Syst e m (NFS) operation concerning 
an indicated file, the first NPS operation received by a proxy; 

forwarding the first NPS operation from the proxy to be received by a file server; 

returning a file handle associated with the first operation from the file 
server to the proxy in response to the file server receiving the first NPS operation from 
the proxy; 

inserting, by the proxy, metadata into the NPS file handle in response to 
receiving the NFS file handle from the file server, wherein the metadata is an encryption 
key; and 

sending, by the proxy in response to receiving the NFS file handle from the file 
server, the NFS file handle with the metadata inserted in the NFS file handle to the 
client as a reply to the first NFS operation; af>4 

us i ng, by th e c lie nt, th e m e tadata and th e NFS f ile hand le i n a s e cond NFS 
operat i on to i dent i fy tho c li ent and the i nd i cated f il o: 
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receiving, from the client, a second file request by the proxy, the second file 
request comprising the metadata in a second file handle sent with the second file 
request: 

identifvinq. in response to the metadata, that the client has permission to submit 
the second file request: 

sending the second file request to the file server and not sendinq the metadata 
with the second file handle to the file server: and 

receiving, bv the proxy, a second reply from the file server, and sendinq bv the 
proxy the second reply to the client . 

39. (Previously Presented) A method for establishing identity in a file system, 
comprising: 

receiving a first file request concerning an indicated file from a client, the first file 
request received by a proxy; 

forwarding the first file request from the proxy to a file server; 

granting a permission for the request to be acted upon by the file system in 
response to a predetermined protocol; 

returning a reply associated with the first file request from the file server to the 
proxy, wherein the reply includes a file handle associated with the indicated file; 

inserting, by the proxy, a session key into the file handle; aR4 
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sending, by the proxy, the file handle with the session key inserted in the file 
handle to the client, the session key to be used in further requests to identify the client 
and the indicated file 

receiving, from the client, a second file request bv the proxy, the second file 
request comprising Information from the session key in a second file handle sent with 
the second file request; 

identifying, in response to the session key, that the client has permission to 
submit the second file request: 

sending the second file request to the file server and not sending the session key 
with the second file handle to the file server: and 

receiving, by the proxy, a second reply from the file server, and sending by the 
proxy the second reply to the client . 

40. The non-volatile memory of Claim 38, whereby using the metadata In the file 
handle eliminates a need for the proxy to generate additional requests to the file server 
to establish file identity further compr i s i ng: 

rec ei v i ng, from th e c li ent, a s e cond NFS op e ration by th e proxy, th e s e cond NFS 
operat i on comprlGing a soGs i on key i n a oocond NFS f il e hand l e oont w i th the second 
NFS op e ration; 

i dent i fy i ng, i n roGponGO to the GOGo i on key, that tho c li ent has tho porm i ss i on to 
subm i t the oecond NFS operat i on; 
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send i ng th e s e cond NFS op e rat i on to th e f ile 



and not s e nd i ng th e 



l <oy w i th the second NFS f il o hand l e to tho f il o 



•; and 



r e c ei v i ng by th e proxy a s e cond NFS r e p l y from th e fi le 



r, and send i ng by 



the proxy the second NFS rep l y to the c li ent . 

45. An apparatus to establish identity in a file system, comprising: 

a proxy to receive a file request sent by a client to the file system, the proxy to 

forward the request to a file server; 

the file server to return a reply associated with the file request to the proxy, 

wherein the reply includes a file handle; 

the proxy to insert a session key into the file handle; 

the proxy to send the file handle with the session key inserted in the file handle to 
the client, the session key to be used in further requests to identify the client and the 
indicated file; 

the proxy to receive, bv the client, a second file request, the second file request 
to include the session kev in a further file handle sent with the second request: 

the proxy to identify, in response to the session key, the client as havina a 
permission to submit the another file request: 

the proxy to send the second request to the file server and not to send the 
session kev with the second file handle to the file server: and 

the proxy to receive a further reply from the file server, and the proxy to send the 
further reply to the client . 
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46. The apparatus as in claim 45, wlierebv using the session key in the file handle 
eliminates a need for the proxy to generate additional requests to the file server to 
establish file identity further compr i s i ng: 

th e proxy to r e c e iv e , by th e c lie nt, a s e cond f ile r e qu e st, th e s e cond f ile r e quest 
to i nc l ude the sess i on key i n o further f il o hand l e sont w i th tho oocond request; 

th e proxy to i d e nt i fy, i n r e spons e to th e s e ss i on k e y, th e c lie nt as hav i ng a 
perm i ss i on to subm i t tho another f il o request; 

th e proxy to s e nd th e s e cond r e qu e st to th e f i le serv e r and not to s e nd th e 
sess i on key with tho second f il o hand l e to tho f il o sorvor; and 

th e proxy to r e c ei v e a furth e r r e p l y from th e f ile s e rv e r, and th e proxy to s e nd th e 
further rop l y to tho c li ent . 

47. The apparatus of Claim 45, further compr i s i ng: wherein 

the proxy to us e th e m e tadata i n th e file handle is a Network File System (NFS) 
file handle roco i vod from tho c li ent to e li m i nate a need for add i t i ona l commun i cat i on w i th 
the fi l e s e rv e r to e stab li sh f ile i d e nt i ty . 

52. A method for establishing identity in a file system, comprising: 

receiving a first file request concerning an indicated file from a client, the first file 

request received by a proxy; 

forwarding the first file request from the proxy to a file server; 
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determining tliat tlie client has a permission to liave tlie request acted upon by 
the file system in response to a predetermined protocol; 

returning a reply associated with the first file request from the file server to the 
proxy, wherein the reply includes a file handle associated with the indicated file; 

inserting, by the proxy, a cryptographic information into the file handle 

sending, by the proxy, the file handle with the cryptographic information inserted 
in the file handle to the client, the cryptographic information to be used in one or more 
requests to identify the client and the indicated file; 

receiving, by the client, a second file request by the proxy, the second file 
request including the cryptographic information in a second file handle sent with the 
second file request: 

identifying, in response to the cryptographic information, that the client has the 
permission to submit the second file request: 

sending the second file request to the file server and not sending the 
cryptographic information with the second file handle to the file server: and 

receiving bv the proxy a second reply from the file server, and sending bv the 
proxy the second reply to the client . 

53. The method according to claim 52, whereby using the cryptographic information 
in the file handle eliminates a need for the proxy to generate additional requests to the 
file server to establish file identity further compr i s i ng: 
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r e c ei v i ng, by th e c lie nt, a s e cond f ile r e qu e st by th e proxy, th e s e cond f ile 
request i nc l ud i ng the cryptograph i c i nformat i on i n a socond f il o hand l e sent w i th the 
second f il o roquost; 

i dent i fy i ng, i n rosponso to tho cryptograph i c i nformat i on, that tho c li ont has tho 
p e rm i ss i on to submit th e s e cond f ile r e qu e st; 

send i ng tho socond f il o roquost to tho f il o server and not sending tho 
cryptograph i c i nformat i on w i th th e s e cond fi le hand le to th e f ile s e rv e r; and 

rece i v i ng by tho proxy a socond rep l y from tho f il o server, and send i ng by tho 
proxy th e s e cond r e p l y to th e c lie n t. 

58. An apparatus to establish identity in a file system, comprising: 

a proxy configured to receive a file request for an indicated file sent by a client to 

the file system, the proxy further configured to forward the request to a file server; 

the file server configured to return a reply associated with the file request to the 

proxy, wherein the reply is configured to include a file handle; 

the proxy further configured to insert a cryptographic information into the file 

handle; afi4 

the proxy further configured to send the file handle with the cryptographic 
information inserted in the file handle to the client, the cryptographic information 
configured to be used in further requests to identify the client and the indicated file; 
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the proxy further configured to receive, by the client, a second request, the 
second file request to include the cryptographic information in a second file handle sent 
with the second request: 

the proxy further configured to identify, in response to the crvptcqraphic 
information, the client as having a permission to submit the second file request: 

the proxy further configured to send the second request to the file server and not 
to send the cryptographic information with the second file handle to the file server: and 

the proxy further configured to receive a further reply from the file server, and the 
proxy to send the further reply to the client . 

59. The apparatus as in claim 58, whereby using the cryptographic information in the 
file handle eliminates a need for the proxy to generate additional requests to the file 
server to establish file identity furth e r compr i s i ng: 

tho proxy further conf i gured to roco i vo, by the c li ent, a oocond roquost, tho 
second f il e r e qu e st to i nc l ud e th e cryptograph i c i nformat i on i n a s e cond fi le hand le s e nt 
w i th tho Gocond roquost; 

th e proxy furth e r conf i gur e d to id e ntify, in r e spons e to tho cryptograph i c 
informat i on, th e c lie nt as hav i ng a p e rm i ss i on to submit th e s e cond f ile r e qu e st; 

th e proxy furth e r conf i gur e d to s e nd th e s e cond r e qu e st to th e f il e s e rv e r and not 
to Gond tho cryptograph i c i nformat i on w i th tho oocond f il o hand l e to tho f il o sorvor; and 

the proxy further conf i gur e d to rec ei v e a furth e r r e p l y from th e f ile s e rv e r, and th e 
proxy to Gond tho further rop l y to tho c li ont . 
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60. The apparatus of claim 58, furtlior compr i G i nq: wlierein 

the proxy furth e r conf i gur e d to us e th e m e tadata i n th e file handle is a Network 
File System (NFS) file handle roco i vod from tho c li ont to o li m i nato a nood for add i t i ona l 
commun i cat i on w i th th e f ile s e rv e r to e stab li sh f ile id e nt i ty . 

65. A method for establishing identity in a file system, comprising: 

receiving a file request concerning an indicated file from a client, the request 

received by a proxy; 

forwarding the request from the proxy to a file server; 

returning a reply associated with the file request from the file server to the proxy, 
wherein the reply includes a file handle associated with the indicated file; 

inserting, by the proxy, metadata into the file handle; afi4 

sending, by the proxy, the file handle with the metadata inserted in the file handle 
to the client, a size of the file handle set to a sum of a length of the server file handle 
and a length of the proxy metadata, the metadata to be used in further requests to 
identify the client and the indicated file : and 

receiving, from the client, a second file request by the proxy, the second file 
request comprisinq the metadata in a second file handle sent with the second file 
request: 

identifvinq. in response to the metadata, that the client has permission to submit 
the second file request: 
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sending the second file request to the file server and not sending the metadata 
with the second file handle to the file server: and 

receiving by the proxy a second reply from the file server, and sending by the 
proxy the second reply to the client . 

66. A method, comprising: 

receiving, by a proxy, a file request for a file sent from a client; 

forwarding the file request from the proxy to a file server; 

returning a reply associated with the file request from the file server to the proxy, 
wherein the reply includes a file handle; 

inserting, by the proxy, metadata into the file handle; 

sending, by the proxy, the file handle with the metadata inserted in the file handle 

to the client; 

us i ng, by tho c li ent, the motadata i noortod i nto the f il e hand l e i n q oubocquont f il e 
reouest to i dent i fy th e c lie nt and th e f ile receiving, from the client, a second file recuest 
by the proxy, the second file reouest comprising the metadata in a second file handle 
sent with the second file recuest: 

identifying, in response to the metadata, that the client has permission to submit 
the second file request; 

sending the second file reouest to the file server and not sending the metadata 
with the second file handle to the file server: and 
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receiving by the proxy a second reply from the file server, and sending by the 
proxy the second reply to the client . 

67. A computer apparatus, comprising: 

a proxy configured to receive a client file request for a file and forward the file 
request from the proxy to a file server; 

the server configured to return a reply associated with the file request, wherein 
the reply includes a file handle; 

the proxy further configured to intercept the file handle sent from the server and 
insert metadata into the file handle to create a modified file handle; 

the proxy further configured to send the modified file handle with the metadata 
inserted in the file handle to the client; an^ 

the proxy further configured to receive the modified file handle from the client for 
a second file request for the file, wherein the proxy is further configured to use the 
modified file handle to eliminate a need for the proxy to generate one or more additional 
requests to the server that would be required to access the file if the modified file handle 
did not include the inserted metadata; 

the proxy further configured to receive, by the client a second file request, the 
second file request configured to include the metadata in a second file handle sent with 
the second file reouest: 

the proxy further configured to identify, in response to the metadata, the client as 
having permission to submit the second file reouest: 
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the proxy further configured to send the second file request to the file server and 
not to send the metadata with the second file handle to the file server: and 

the proxy further configured to receive a second repiv from the file server, and 
the proxy to send the second reply to the client . 

REASONS FOR ALLOWANCE 

4. Claims 1 - 5, and 30 - 67 are allowable in light of the applicant's arguments and 
in light of the prior art made of record. 

Reason for Indicating Allowable Subject Matter 

5. The following is an examiner's statement of reasons for allowance: Upon 
searching a variety of databases, the examiner respectfully submits that the following 
claim language is not taught by the prior art in conjunction with other recited limitations 
of its claim: 

"inserting, by the proxy, metadata into the NFS file handle in response to receive the 
NFS file handle from the file server, wherein the metadata is an encryption key; 
sending, by the proxy in response to receiving the NFS file handle from the file server, 
the NFS file handle with the metadata inserted in the NFS file handle to the client as a 
reply to the first NFS operation; using, by the client, the metadata and the NFS file 
handle in a second NFS operation to identify the client and the indicated file: and 
receiving, from the client, the second NFS operation by the proxy, the second NFS 
operation comprising the metadata sent with the second NFS operation" recited in claim 
1; 
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"inserting, by the proxy, metadata into the tile handle; sending, by the proxy, the file 
handle with the metadata inserted in the file handle to the client, the metadata to be 
used in further requests to identify the client as having a permission to access the 
indicated file; receiving, from the client, a second file request by the proxy, the second 
file request including the metadata in a second file handle sent with the second file 
request; identifying, in response to the metadata, that the client has the permission to 
submit the second file request; sending the second file request to the file server and not 
sending the metadata with the second file handle to the file server" recited in claim 31 ; 
"the proxy further configured to insert metadata into the NFS file handle in response to 
receiving the NFS file handle from the file server, wherein the metadata is an encryption 
key; and the proxy further configured to send the NFS file handle with the metadata 
inserted in the NFS file handle to the client as a reply to the first NFS operation, the 
metadata and the NFS file handle to be used in a second NFS operation to identify the 
client and the indicated file;_the proxy further configured to receive, by the client, a 
second NFS operation, the second NFS operation comprising the metadata in the 
second NFS file handle sent with the second NFS operation" recited in claim 32; 
"inserting, by the proxy, metadata into the file handle in response to receiving the NFS 
file handle from the file server, wherein the metadata is an encryption key; and sending, 
by the proxy in response to receiving the file handle from the file server, the file handle 
with the metadata inserted in the file handle to the client as a reply to the first operation; 
receiving, from the client, a second file request by the proxy, the second file request 
comprising the metadata in a second file handle sent with the second file request" 
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recited in claim 38; "inserting, by the proxy, a session key into the file handle; sending, 
by the proxy, the file handle with the session key inserted in the file handle to the client, 
the session key to be used in further requests to identify the client and the indicated file 
receiving, from the client, a second file request by the proxy, the second file request 
comprising information from the session key in a second file handle sent with the 
second file request" recited in claim 39; "the proxy to insert a session key into the file 
handle; the proxy to send the file handle with the session key inserted in the file handle 
to the client, the session key to be used in further requests to identify the client and the 
indicated file; the proxy to receive, by the client, a second file request, the second file 
request to include the session key in a further file handle sent with the second request" 
recited in claim 45; 

"the proxy further configured to insert a session key into a file handle; the proxy further 
configured to send the file handle with the session key inserted in the file handle to the 
client, the session key configured to be used in a second file request to identify the 
client and the indicated file; the proxy further configured to receive, by the client, a 
second file request, the second file request configured to include the session key in a 
second file handle sent with the second file request" recited in claim 51 ; 
"inserting, by the proxy, a cryptographic information into the file handle sending, by the 
proxy, the file handle with the cryptographic information inserted in the file handle to the 
client, the cryptographic information to be used in one or more requests to identify the 
client and the indicated file; receiving, by the client, a second file request by the proxy. 



Application/Control Number: 10/803,788 Page 18 

Art Unit: 2162 

the second file request including the cryptographic information in a second file handle 
sent with the second file request" recited in claim 52; 

" the proxy further configured to insert a cryptographic information into the file handle; 
the proxy further configured to send the file handle with the cryptographic information 
inserted in the file handle to the client, the cryptographic information configured to be 
used in further requests to identify the client and the indicated file; the proxy further 
configured to receive, by the client, a second request, the second file request to include 
the cryptographic information in a second file handle sent with the second request" 
recited in claim 58; 

"the proxy further configured to insert a cryptographic information into a file handle; the 
proxy further configured to send the file handle with the cryptographic information 
inserted in the file handle to the client, the cryptographic information configured to be 
used in a second file request to identify the client and the indicated file; the proxy further 
configured to receive, by the client, a second file request, the second file request 
configured to include the cryptographic information in a second file handle sent with the 
second file request" recited in claim 64; 

"inserting, by the proxy, metadata into the file handle; sending, by the proxy, the file 
handle with the metadata inserted in the file handle to the client, a size of the file handle 
set to a sum of a length of the server file handle and a length of the proxy metadata, the 
metadata to be used in further requests to identify the client and the indicated file; and 
receiving, from the client, a second file request by the proxy, the second file request 
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comprising the metadata in a second file handle sent with the second file request" 
recited in claim 65; and 

"inserting, by the proxy, metadata into the file handle; sending, by the proxy, the file 
handle with the metadata inserted in the file handle to the client; receiving, from the 
client, a second file request by the proxy, the second file request comprising the 
metadata in a second file handle sent with the second file request" recited in claim 66; 
and "the proxy further configured to intercept the file handle sent from the server and 
insert metadata into the file handle to create a modified file handle; the proxy further 
configured to send the modified file handle with the metadata inserted in the file handle 
to the client; the proxy further configured to receive the modified file handle from the 
client for a second file request for the file, wherein the proxy is further configured to use 
the modified file handle to eliminate a need for the proxy to generate one or more 
additional requests to the server that would be required to access the file if the modified 
file handle did not include the inserted metadata; the proxy further configured to receive, 
by the client a second file request, the second file request configured to include the 
metadata in a second file handle sent with the second file request" recited in claim 67". 
Therefore, all pending claims 1 - 5, and 30 - 67 are hereby allowed. 
6. Any comments considered necessary by applicant must be submitted no later 
than the payment of the issues fee. Such submissions should be clearly labeled 
"Comments on Statement of Reasons for Allowance." 
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Conclusion 

7. Any inquiry concerning this communication or earlier communications from tine 
examiner should be directed to GIOVANNA GOLAN whose telephone number is 
(571)272-2752. The examiner can normally be reached on 8:30 am - 5:00 pm. 

If attempts to reach the examiner by telephone are unsuccessful, the examiner's 
supervisor, John Breene can be reached on (571) 272-4107. The fax phone number for 
the organization where this application or proceeding is assigned is 571-273-8300. 

Information regarding the status of an application may be obtained from the 
Patent Application Information Retrieval (PAIR) system. Status information for 
published applications may be obtained from either Private PAIR or Public PAIR. 
Status information for unpublished applications is available through Private PAIR only. 
For more information about the PAIR system, see http://pair-direct.uspto.gov. Should 
you have questions on access to the Private PAIR system, contact the Electronic 
Business Center (EBC) at 866-217-9197 (toll-free). If you would like assistance from a 
USPTO Customer Service Representative or access to the automated information 
system, call 800-786-9199 (IN USA OR CANADA) or 571-272-1000. 

Giovanna Golan 
Examiner 
Art Unit 2162 
March 11, 2010 

/John Breene/ 

Supervisory Patent Examiner, Art Unit 2162 



